Vigil@nce: Solaris, information disclosure via xscreensaver
September 2009 by Vigil@nce
When the screen is resized via RandR, the xscreensaver only hides
a part of the screen.
– Severity: 1/4
– Consequences: data reading
– Provenance: user console
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 23/09/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The X RandR (Resize and Rotate) extension is used to change the
size and the orientation of the screen.
The xscreensaver server locks the screen, by displaying a black
window in the foreground.
However, if the screen is resized with RandR, xscreensaver does
not update the size of the black window to be displayed. The
hidden zone can thus be smaller than the screen size.
An attacker, with a physical access to the screen, can therefore
read a fragment of the display.
CHARACTERISTICS
– Identifiers: 249646, 6757448, BID-36488, VIGILANCE-VUL-9042
– Url: http://vigilance.fr/vulnerability/Solaris-information-disclosure-via-xscreensaver-9042